AMENDMENTS TO THE CLAIMS 

Claims Pending: 

• At time of the Action: Claims 1-4, 6-8, 10-36, and 38-48 

• Amended Claims: Claims 20 and 38 

• After this Response: Claims 1-4, 6-8, 10-36, and 38»48 

The following listing of claims replaces all prior versions and listings of claims in the 
application. 
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1. (Previously Presented) A method of processing multiple types 
of security schemes, comprising: 

receiving a message having a first token and a second token, wherein the first 
token and the second token are different from each other, while associated with a same 
subject; 

extracting claims from one or more different types of security tokens 
corresponding to multiple security schemes, wherein a claim is a statement about a 
security token's subject that allows security schemes to be based on extracted claims; 

authenticating the first token by extracting a first claim from the first token and 
authenticating the second token by extracting a second claim from the second token, 
wherein the first and second claims comprise different statements about the subject; 

grouping the first and second claims into a claim collection by selectively 
mapping the first claim and the second claim to other claims; 

determining a resource being accessed by extracting or obtaining resource 
identifiers from a message at run-time or examining a static configuration of a service; 

authorizing access to a the resource referred to in the message based at least in 
part on the first and second claims; and 

supporting multiple security schemes for the method. 

2. (Original) The method of claim 1, further comprising 
obtaining another claim from the token. 
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3. (Original) The method of claim 1, further comprising 
rejecting the message as a function of the first claim. 

4. (Original) The method of claim 1, further comprising 
rejecting the message as a function of the second claim. 

5. (Cancelled) 

6. (Original) The method of claim 1, further comprising 
obtaining a resource identifier from the message. 

7. (Original) The method of claim 6, wherein obtaining the 
resource from the message comprises applying an XPath expression. 

8. (Original) The method of claim 6, wherein the resource 
identifier comprises a property of the message. 

9. (Cancelled) 

10. (Previously Presented) The method of claim 6, wherein the 
resource identifier comprises a property of the computing system's runtime 
environment. 
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11. (Previously Presented) The method of claim 6, wherein a 
resource corresponding to the resource identifier is stored by the computing system. 

12. (Original) The method of claim 1, further comprising 
sending a return message to a sender of the message, wherein the return message 
includes information regarding the second claim. 

13. (Original) The method of claim 12, wherein the information 
regarding the second claim comprises the second claim. 

14. (Original) The method of claim 1, further comprising 
obtaining a third claim from the first claim. 

15. (Original) The method of claim 1, further comprising 
obtaining a third claim from the second claim. 

16. (Original) The method of claim 1, further comprising 
selectively rejecting the first claim. 

17. (Original) The method of claim 1, wherein the token is 
received out-of-band from the message. 
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18. (Previously Presented) The method of claim 1, further 

comprising sending the message, the first token and the second token to another entity, 
wherein the second token includes information related to the second claim. 



19. 



(Cancelled) 



20. 



(Currently Amended) 



A system configured to process multiple 



types of security schemes, the system comprising: 
one or more computer processors; and 

one or more computer readable storage media, executable by the one or more 
computer processors, to store: 

a first module to extract claims from one or more different types of security 
tokens corresponding to multiple security schemes, wherein a claim is a 
statement about a security token's subject that allows security schemes to be 
based on the extracted claims; 

[[a]] M first module to extract a first claim from a first token and a second 
claim from a second token associated with a message, wherein the message has 
an associated subject and the first claim and the second claim comprise 
different statements related to the subject; [[and]] 

a second module to selectively map the first claim and the second claim to 
other claims; 

the second module to determine a resource being accessed by extracting 
or obtaining resource identifiers from a message at run-time; and 
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the second module to authorize access to the resource referred to in the 
message based at least in part on the first and second claims. 

21. (Original) The system of claim 20 further comprising a third 
module to determine as a function of the first claim whether the message is to be 
rejected. 

22. {Original) The system of claim 20, further comprising a third 
module to determine as a function of the second claim whether the message is to be 
rejected. 

23. (Original) The system of claim 20, further comprising a 
module to form a claim collection that includes the first and second claims. 

24. (Original) The system of claim 20, further comprising a 
module to selectively obtain a resource identifier from the message. 

25. (Original) The system of claim 24, wherein the module to 
obtain the resource identifier from the message is to selectively apply an XPath 
expression to obtain the resource identifier. 

26. (Original) The system of claim 24, wherein the resource 
identifier comprises a property of the message. 
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27. (Original) The system of claim 20, further comprising a 
module to selectively obtain a resource identifier from a computing system in which the 
first and second modules reside. 

28. (Original) The system of claim 27, wherein the resource 
identifier comprises a property of the computing system's runtime environment. 

29. (Original) The method of claim 27, wherein a resource 
corresponding to the resource identifier is stored by the computing system. 

30. (Original) The system of claim 20, further comprising a 
module to selectively send a return message to a sender of the message, wherein the 
return message includes information regarding the second claim. 

31. (Original) The system of claim 30, wherein the information 
regarding the second claim comprises the second claim. 

32. (Original) The system of claim 20, wherein the second 
module is to selectively obtain a third claim from the first claim. 

33. (Original) The system of claim 20, wherein the second 
module is to selectively obtain a third claim from the second claim. 
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34. (Original) The system of claim 20, wherein the second 
module is to selectively reject the first claim. 

35. (Original) The system of claim 20, wherein the first module 
is to receive the token out-of-band from the message. 

36. (Previously Presented) The system of claim 20, further 
comprising a module to send the message, the first token and the second token to 
another entity, wherein the second token includes information related to the second 
claim. 

37. (Cancelled) 

38. (Currently Amended) A computer-readable storage medium 
storing computer-executable instructions that, executed by a processor, performs acts 
comprising: 

receiving a message having a first token and a second token, wherein the first 
token and the second token are different from[[-]]each other, [[,]] but associated with a 
same subject; 

extracting claims from one or more different types of security tokens 
corresponding to multiple security schemes, wherein a claim is a statement about a 
security token's subject that allows security schemes to be based on the extracted 
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claims; 

obtaining a first claim from the first token and a second claim from the second 
token, wherein the first and second claims comprise different statements about the 
subject; [[and]] 

selectively mapping the first claim and the second claim to other claims;[[.]] and 
authorizing access to a resource referred to in the message based at least in part 
on the first and second claims. 

39. (Previously Presented) The computer-readable storage medium 
of claim 38, further comprising rejecting the message as a function of the first claim. 

40. (Previously Presented) The computer-readable storage medium 
of claim 38, further comprising rejecting the message as a function of the second claim. 

41. (Previously Presented) The computer-readable storage medium 
of claim 38, further comprising obtaining a resource identifier from the message. 

42. (Previously Presented) The computer-readable storage medium 
of claim 38, further comprising obtaining a resource from a computing system reading 
the machine-readable medium. 
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43. (Previously Presented) The computer-readable storage medium 
of ciaim 38, further comprising sending a return message to a sender of the message, 
wherein the return message includes information regarding the second claim. 

44. (Previously Presented) The computer-readable storage medium 
of ciaim 38, further comprising obtaining a third claim from the first claim. 

45. (Previously Presented) The computer-readable storage medium 
of claim 44, further comprising rejecting the message as a function of the third claim. 

46. (Previously Presented) The computer-readable storage medium 
of claim 38, further comprising obtaining a third claim from the second claim. 

47. (Previously Presented) The computer-readable storage medium 
of claim 38, further comprising selectively rejecting the first claim. 

48. (Previously Presented) The computer-readable storage medium 
of claim 38, further comprising sending the message, the first token and the second 
token to another entity, wherein the second token includes information related to the 
second claim. 
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